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REMARKS/ARGUMENTS 

Claims 1-64 are currently pending in the application. Paragraphs [0050] and [0051] are 

amended above to correct a typographical error. No new matter has been inserted. 

The Examiner rejected Claims 1-21, 46-52, 54, 57, 59, 62, and 64 under 35 U.S.C. 
§ 103(a) as being unpatentable over Pretty Good Privacy ("PGP"), as described in 
http://www.trincoll.edu/depts/cpsc/cryptography/pgp.html ("the Trinity College PGP 
description"). The Examiner conceded that the passages of PGP do not mention "resource" in 
the sense of the claim. However, in making the rejection, the Examiner asserted that it was well 
known in the art to control a resource in the fashion set forth in the claim for the motivation of 
having more complete security. Applicants respectfully traverse the rejection for at least the 
reasons set forth below. 

The Trinity College description does not teach or suggest Applicants' invention as recited 
in the rejected claims. The Trinity College PGP description teaches the use of public key 
encryption to securely exchange messages between parties. However, Applicants respectfully 
assert that the Trinity College PGP description does not teach or suggest a network session layer 
that maps authentication of at least one request to session level authorization, the authorization 
defining permitted communications between at least one resource and the at least one request. In 
support of this assertion, Applicants call the Examiner's attention to paragraphs [0046] through 
[0057] of the instant application as filed. As taught therein, the claimed invention involves 
modifying the session layer, or equivalents thereof, of a network protocol stack. Inter alia, this 
modified protocol stack combines "User and resource profiles ... to create a session profile, 
which represents a set of accesses that are both allowed and expected for a given user in a given 
session" [paragraph 0051]. Neither the Trinity College PGP description, or PGP generally, 
teaches or suggests modifying the network session layer to include definitions of permitted 
communications between a requestor and a resource, as recited in the claim and defined in the 
specification. It is well established that, in order to show obviousness, all limitations must be 
taught or suggested by the prior art. In Re Bovka . 180 U.S.P.Q. 580, 490 F.2d 981 (CCPA 
1974); MPEP § 2143.03. It is error to ignore specific limitations distinguishing over the 
references. In Re Boe . 184 U.S.P.Q. 38, 505 R2d 1297 (CCPA 1974); In Re Saether . 181 
U.S.P.Q. 36, 492 R2d 849 (CCPA 1974); In Re Glass, 176 U.S.P.Q. 489, 472 F.2d 1388 (CCPA 
1973). The Trinity College PGP description does not teach or suggest all limitations as recited in 
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the claims, and Applicants therefore respectfully request that the Examiner withdraw the 
rejection. 

The Examiner rejected claims 22-45, 53, 55-56, 58, 60-61, and 63 over PGP and 
admissions against prior art. The Examiner asserted that at pages 1-5 of the instant application, 
the specification noted that "virtual air gaps" are well known in the fashion in the sense of the 
claim. Applicants respectfully traverse the rejection for at least the reasons set forth below. 

The Trinity College description does not teach or suggest Applicants' invention as recited 
in the rejected claims. The Trinity College PGP description teaches the use of public key 
encryption to securely exchange messages between parties. However, Applicants respectfully 
assert that the Trinity College PGP description does not teach or suggest a session layer that 
maps authentication of at least one request to session level authorization, the authorization 
defining permitted communications between at least one resource and the at least one request. In 
support of this assertion, Applicants call the Examiner's attention to paragraphs [0046] through 
[0057] of the instant application as filed. As taught therein, the claimed invention involves 
modifying the session layer, or equivalents thereof, of a network protocol stack. Inter alia, this 
modified protocol stack combines "User and resource profiles ... to create a session profile, 
which represents a set of accesses that are both allowed and expected for a given user in a given 
session" [paragraph 0051]. Neither the Trinity College PGP description, or PGP generally, 
teaches or suggests modifying the network session layer to include definitions of permitted 
communications between a requestor and a resource, as recited in the claim and defined in the 
specification. It is well established that, in order to show obviousness, all limitations must be 
taught or suggested by the prior art. The Trinity College PGP description does not teach or all 
limitations as recited in the rejected claims, and Applicants therefore respectfully request that the 
Examiner withdraw the rejection. 
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CONCLUSION 

Having responded to all objections and rejections set forth in the outstanding Office 

Action, it is submitted that claims 1-64 are in condition for allowance and Notice to that effect is 



respectfully solicited. In the event that the Examiner is of the opinion that a telephone or 
personal interview will facilitate allowance of one or more of the above claims, he is courteously 
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